package com.oauth2.demo2.oauth2;

import com.oauth2.demo2.oauth2.myexception.MyOAuth2WebResponseExceptionTranslator;
import com.oauth2.demo2.tokenstore.MyTokenEnhancer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import java.util.ArrayList;
import java.util.List;

    /**
 * @ClassName MyAuthorizationConfig
 * @Description 认证服务器配置  AuthorizationServerConfigurerAdapter 自定义配置token
 * @Author Liujt
 * @Date 2020/1/16 10:24
 **/
@Configuration
@EnableAuthorizationServer//认证服务注解
public class MyAuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private MyTokenEnhancer myJwtTokenEnhancer;

    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter;

    @Autowired
    private MyOAuth2WebResponseExceptionTranslator myOAuth2WebResponseExceptionTranslator;

    /**
     * 端点配置
     *
     * @param endpoints
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
        //使用自定义的token生成规则
        if (jwtAccessTokenConverter != null && myJwtTokenEnhancer != null) {
            TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
            List<TokenEnhancer> enhancerList = new ArrayList();
            enhancerList.add(myJwtTokenEnhancer);
            enhancerList.add(jwtAccessTokenConverter);
            enhancerChain.setTokenEnhancers(enhancerList);
            endpoints.tokenEnhancer(enhancerChain);
        }
        endpoints.exceptionTranslator(myOAuth2WebResponseExceptionTranslator);
    }


    /**
     * 客户端配置(第三方应用信息，clientId，clientSecret)
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(null);
        InMemoryClientDetailsServiceBuilder builder = clients.inMemory();
        builder.withClient("test")//配置
                .secret("test")
                //accessToken有效时间
                .accessTokenValiditySeconds(10000)
                //指定授权模式————"refresh_token", "password", "authorization_code"
                .authorizedGrantTypes("refresh_token", "password")
                //权限类别————"all", "read", "write"
                .scopes("all", "read", "write")
                //refreshToken有效时间
                .refreshTokenValiditySeconds(60 * 60 * 24 * 30);//60 * 60 * 24 * 30
    }
}